
The Cyber Ranch Podcast
Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Latest episodes

Mar 6, 2024 • 27min
Incident Response Done Right with James Keeler
Howdy, y'all! Allan went down to Orlando, Florida and recorded three LIVE! shows at Zero Trust World, a conference sponsored by ThreatLocker. This is the first of those three shows.
James Keeler of LMT Technology Solutions has a steady hand on the incident response wheel and a lot of experience under his belt as well. After seeing James speak on a panel at Zero Trust World, Allan asked him to be on the show.
Join Allan as he asks James to walk us through his philosophy of incident response, the underpinnings, the steps and just about everything else about Incident Response as well.
This show is sponsored by our good friends at ThreatLocker - visit https://threatlocker.com and tell them you heard about them down here at the 'Ranch!

Feb 28, 2024 • 47min
Neurodiversity in Cybersecurity with 3 Guests!
This week Allan is joined by Leigh Honeywell (CEO of Tall Poppy), Nathan Case (Federal CISO at Snyk), and Ryan Macababbad (Currently looking. HIRE HER!), three cybersecurity professionals with broad backgrounds in cyber, all three of whom are neurodivergent.
Allan, in fact, has been recently diagnosed as being on the autism spectrum, albeit 'high functioning' (as the diagnosis indicates) or 'low support needed' (as the autism community prefers to call it).
With his recent diagnosis, Allan decided to reach out to friends in the neurodiverse community to discuss:
The positives of neurodivergence
Neurotypical responses and stereotypes about the ND community
Cybersecurity-specific benefits to being ND
Tips/Advice/Support for those who suspect or know that they are ND

Feb 21, 2024 • 37min
Below-the-OS Security with Yuriy Bulygin
Fun fact: There are more vulnerabilities and exploits below the OS layer than above it!
CPUs, BIOS, Firmware, embedded Linux, FPGAs, UEFI, PXE... The list goes on and on. What are we supposed to do about that?
Allan asked Yuriy to come down to the 'Ranch to discuss this issue with him. Yuriy is CEO at Eclypsium, member of the Forbes Technology Council, Founder of the open source CHIPSEC project, former head of Threat Research at McAfee, former Senior Principal Engineer at Intel… He is uniquely qualified to discuss these issues.
Full DISCLAIMER: Allan is CISO at Eclypsium. Note that he asked Yuriy to come on the show, not the other way around. Nobody knows this space like Yuriy and his team.
Allan asks Yuriy about:
The history of CPU exploits
Unauthorized code in chips in network gear
The various hacks available at this layer
The role of SBOM in all this
The open source CHIPSEC project
It's an eye-opening show to say the least.
Y'all be good now!

Feb 15, 2024 • 23min
Ownership of Risk and Accountability
In this episode, Allan flies solo, as he is finally willing to speak on an issue he has been mulling and fussing over for some time: the two-fold CISO laments of:
"We have all the accountability and none of the authority!"
"We don't own the risk - we advise the business"
Allan is refuting both of these claims.
Allan calls up examples such as project managers, contract lawyers, and CFOs in his argument.
He also demonstrates that we have far more authority than we think, and also that we can earn even more.
As to advising the business, and the business owning the risk, we have here two contradictions to one of the show's mantras: "BE the business!"
You will hopefully come away from this show with some different perspectives on these two claims.
Y'all be good now!

Feb 7, 2024 • 31min
Get That Seat at the Table! with Jim McConnell
We declared a while back that 'not having a seat at the table' was a tired CISO topic. So we decided to solution the complaint.
Hopefully we pulled it off.
Join Allan and Jim McConnell, Principal at Ask McConnell, LLC and former Fellow in Corporate Security Protection Operations at Verizon, as they take on the challenge of solving this common lament.
There is a fierce round of "answer pong" as they throw out suggestions on how to earn that seat, but they also cover:
What does it mean to have a seat at the table?
Ownership vs. advising
Bridging the chasm between the two
Supplier/Vendor to the business - is that a good model?
BE the business (yes, that always comes up!)
How to become a business expert
And of course, the aforementioned game of Answer Pong as to how to earn that seat.
Y'all enjoy the show, and y'all be good now!

Jan 31, 2024 • 24min
Getting a NACD Directorship Certification with Pat Benoit
Pat Benoit, CISO at Brinks, shares his experience obtaining a NACD Directorship Certification. He discusses the certification process, resources available, and the importance of perseverance. The episode also explores obtaining cybersecurity certifications, networking, and the challenges of adapting to new roles and expectations.

Jan 24, 2024 • 35min
Integrating with the Business with Ayman Elsawah
In this podcast, Ayman Elsawah and Allan discuss the role of CISOs in business integration. They explore how CISOs can go beyond enabling the business to actually being a part of it. Topics include sales cycle involvement, product security integration, and combating cybersecurity complacency.

Jan 17, 2024 • 26min
Leadership Conflicts with Tom LeDuc
This one was recorded LIVE! in Podcast Alley at the CyberMarketingCon 2023 put on by the Cybersecurity Marketing Society in Austin, Texas.
Marketing!?!!? Say what!?!?
Yup! Allan went down to Austin to catch up with industry players and to participate in the conference as a "creator", i.e., podcaster.
While there Allan ran into his friend Tom LeDuc, CMO at Semperis, and he got Tom to hop on the mic with him to discuss leadership challenges such as conflict, territorialism, jurisdictional disputes, startup mindset vs. bigger mindset... The two of them cover quite a lot of territory.
Some of Tom's story is obviously CMO-specific, but Allan and Tom both universalize the topics and get to the heart of what matters for all leaders.
This show is not sponsored by Semperis, but Allan wants to clarify and be transparent about the fact that he is an advisor to Semperis.
Allan says: "Tom is just a great guy and is fun on the mic!"
Y'all be good now!

Jan 10, 2024 • 29min
Alternative CISO Lifestyles with Andrew Wilder
Howdy, y'all, and welcome to The Cyber Ranch Podcast! Our guest is Andrew Wilder, Retained CISO at Community Veterinary Partners, Member of the Board of Directors at Washington University in St. Louis, Advisory Board Member, former Global CISO, former Regional CISO... He's got a real history in this game. What we're talking about today is retained, fractional, virtual, and part-time CISOing...
Topics addressed:
Challenge of vCISO - do I have a job 6 months from now?
Marketing and sales - building pipeline
OR work for someone else - they get a big cut?
Life insurance in the US is normally employment-based, and paid time off is a thing. Allan's cancer scare brought all of those risks to light.
Tax benefits to 1099
Work/Life balance - or should that be life/work balance?
Two full-time vCISO roles at the same time? Possible...
Fractional, one-offs, consultations
SEC and SolarWinds - a vCISO is not an officer of the company
Andrew calls himself 'retained CISO' - he got that term from our friend Steve Zelewski
Fractional vs. virtual vs. retainers - everyone says retainer is the path to victory, but how does that really work?

Jan 3, 2024 • 33min
A Zero Trust Case Study with John Checco
Guest John Checco, author of Zero Trust: From Aspirational to Overdue and resident CISO at Proofpoint, talks about 'The Misfits of Zero Trust'. He discusses investigating the Zero Trust model, '2nd and 3rd world affectations', highest priorities, and the future of Zero Trust in the industry.